What are the responsibilities and job description for the Senior Cyber GRC Specialist position at Motion Recruitment?
The Senior Cyber Governance, Risk, and Compliance (GRC) Specialist plays a key role in developing, enhancing, and implementing the firm’s cybersecurity risk management program. Reporting to the Director of Cyber GRC, this role is responsible for designing a data-driven risk and control framework to rigorously and continuously assess cyber, technology, and operational risks. The specialist will oversee issue registration and tracking through resolution while providing regular reports to Cybersecurity leadership and other key stakeholders.
This position will remain 100% remote.
What You Will Be Doing
- Establish, document, and oversee the firm’s Risk Management program, including processes for identifying, categorizing, assessing, and registering risks; assigning ownership; determining risk responses; and ensuring issues are resolved.
- Lead comprehensive risk assessments across all business units to identify potential threats and vulnerabilities. Develop and implement mitigation strategies to protect the firm’s assets and reputation.
- Provide strategic guidance to senior management on risk-related matters, ensuring risk considerations are integrated into business planning and decision-making.
- Ensure the firm’s risk and control framework accounts for emerging technologies and evolving risks, such as AI.
- Oversee security compliance initiatives, ensuring alignment with industry standards (e.g., ISO 27001:2022) and client requirements (e.g., CMMC, NIST 800-171).
- Manage the firm’s cyber governance forum, providing updates on program progress to the CISO and senior stakeholders.
- Develop and refine Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to assess control adoption, measure performance strengths and weaknesses, and quantify risk exposure.
- Identify opportunities for automating control monitoring and collaborate with technical experts to define and implement automation solutions.
- A bachelor's degree in Computer Science or Engineering is preferred; an advanced degree or certifications such as CISSP, CISM, CRISC, or CISA are highly desirable.
- A minimum of 10 years of experience in risk management, ideally within a law firm or professional services setting. Demonstrated success in managing complex risk projects and initiatives.
- Exceptional analytical and problem-solving skills, with the ability to distill complex information into actionable insights.
- Strategic mindset with the ability to align risk management practices with organizational objectives.
- Strong time-management skills, unwavering follow-through, and consistent, reliable execution.
- Excellent written and verbal communication skills.
- Experience with CMMC and NIST 800-171 is a plus.
This position doesn’t provide sponsorship.
Posted By: Ashton Corbett